April 30th, 2010

Few months ago, I purchased a Panasonic Lumix DMC FZ-28 digital camera. It’s a bridge camera and has plenty of features. I’m totally in love with the camera. However, cameras such as this, Canon Powershot SX 20 IS etc. should have a few more features along with wifi enabled so that we amateurs are able to do a lot more easily

Here’s a typical work flow for my trek photos:

Go on a trek –> Click nice pictures –> Transfer the photos to the computer –> Make minor modifications such as contrast, brightness, saturation, cropping etc. –> Remove duplicates –> Add signature, copyright notice –> Generate a low resolution version of the final photographs –> Upload them to Flickr/Picasa/Facebook to share them with the world.

With these powerful cameras, much of this can be done on the camera itself. For e.g. my camera already allows adding signatures to pictures through a text stamp feature. It also allows notes to be added to pictures. The pictures can be cropped and frame freezes can be obtained from HD videos shot with this camera. While cropping, a tiny popup containing contrast, saturation and brightness could be displayed. Pictures can be marked with a star so that they can be cycled through while viewing the clicks.

What I want now

Each camera should have a nice file system API, network API and GUI API. Using these APIs, third party applications would be able to fetch photos from the memory card and do the required modifications. More detailed descriptions would be added to the photos and they would be preserved as part of the picture’s EXIF data.

The memory card should be formatted in a special way so that it can hold third party applications in a separate shell. This shell would be accessible through an iTunes like desktop software from which third party applications for the camera can be installed or removed. Once an application is installed, it should be displayed in an Application settings screen on the camera, from where the application can be activated or deactivated.

Once the necessary modifications are done, using the network APIs and WiFi, the application should upload the “starred” photos to flickr, picasa, facebook or any other service the application supports. All these and other services support HTTP APIs. Instead of the camera themselves supporting various services, it could just provide nice APIs and let the developers do the magic. While uploading each picture, a very high resolution picture should be scaled down for the web dynamically.

Geo Tagging

Oh wait! I want to geo-tag the photos as well. So, while clicking each photo, they should be geo-tagged in the background so that the actual speed of clicking a photo isn’t affected. Manually geo-tagging photos are a huge pain in the wrong places.

April 26th, 2010

Note: I haven’t yet published some trekking posts since Feb. But this couldn’t wait. So they’ll be up soon.

By now, everyone must have been aware of the recent Facebook announcement of the universal Like button. As probably talked about all over the web, this one button is like giving too much of power to one company. By now the Like button should have appeared on thousands of websites already. Famous press blogs running wordpress should have had the Like button along their standard ‘share this’ toolbar. Facebook’s 400 million+ user base is a huge audience to showcase your content to & everyone wants a piece of the pie!

However, this like button reopens an old problem in a new way… User Privacy. Few years ago, when doubleclick.net installed tracking cookies for sending customized advertisements, it created a huge uproar. Similar stuff happened when Google History came about. But now, Facebook uses a clever way to track users that, you cannot even opt out if you don’t like the process. It makes of full use of the way how the web and ultimately, HTTP(S) works.

I’m not even talking about the case where you are logged in to Facebook and click on a ‘Like’ button on a website. That’s voluntary. You like a piece of content and you spread it to your friends and fans on Facebook. I’m talking about the case where you just visit a certain website containing the Like button and that data will be harvested by Facebook.

Like this on Facebook to understand how it works:

How it works

Let us take it step by step:

Clear cookies on your browser. If you are using Firefox or Chrome, press Ctrl+Shift+Del.

Visit www.facebook.com

Login to Facebook.

Visit other websites to be tracked. So simple isn’t it?

When you first visit Facebook.com, it sets a cookie called “datr”, whose expiry is two years from now. So, if you visit Facebook.com today and never clear your browser’s cookies, you will be tracked for the first two years with “datr”. When that period expires, it will be replaced with a new cookie and you will continue to be tracked. After you login to Facebook, it sets some more cookies on your browser along with a cookie called “xs” which is the session cookie for your Facebook session. If you remove this cookie, you will be redirected to Facebook’s login page. After login, “datr” and “xs” cookies will be refreshed.

When you embed the Like button on your website, it loads in an iframe in the Facebook.com domain. When a request is sent to any website by clicking on a link or by typing it on the browser’s address bar, the browser sends all the active (non-expired) cookies to the domain. So, when the Like button loads on a website, it makes a request to http://www.facebook.com/plugins/like.php. Along with this request, it will send the “datr” and “xs” cookies. It will also set the HTTP ‘Referer’ header to the originating website. For example, if you click on a Facebook.com link from my website, the Referer header will be set as ‘www.aswinanand.com’. This is used by other websites to determine where the user is coming from.

Now, when the ‘Like’ button loads on a website inside Facebook’s iframe, the Referer header will be set to your website’s page, “datr” cookie will be sent and if you have already logged in to Facebook, “xs” cookie will also be sent. So, just by loading Facebook’s Like button, Facebook will know what websites you had visited. Since the expiry for “datr” is set to two years, it will associate your Facebook logins to this cookie… which means, even if you logout of Facebook, it will know who the user is. Moreover, when you are logged in and move from one place to another, Facebook will know during what times of the day you are active and during what times you are inactive. When you are active, it will know from where your web browsing occurs and by being able to find location from IP address, they will know where exactly you are moving. Don’t worry, all this data will also be combined with your Facebook mobile usage and a final stat will be arrived at! That’s scary because it could reveal so much about a user & all privacy is gone with the wind.

Targeted Advertisements

This kind of tracking is something the user cannot opt out because sending cookies and setting HTTP Referer headers are part of the protocol. That means, you are tracked by default. Without your knowledge, your online behaviour and all the websites you visit (assuming they have added the Like button) after logging into Facebook are tracked by Facebook. This is useful for a lot of cases. Say you visit IMDB after logging in to Facebook. Each of the movie pages will have the like button. So Facebook will know which movies you are visiting. When you click on the ‘Like’ button for a certain movie, it gets to know your tastes and offer more movies along similar lines when you visit IMDB next. This same technique could also be used by spammers to trick you in to ‘liking’ some random link of their choice.

Like this, through the iframe based ‘Like’ button, Facebook funnels all required data to create a customized and scary experience.

Why not Google?

Ideally speaking, this was something that Google should have done a year or two ago. Most people I know are logged in to Google all their day and web browsing happens simultaneously. Just think of what would would happen if Google had done this. With their already powerful search tracking user behaviour and statistics, adsense would use this data to send specific advertisements to users. Google analytics is already deployed on tons and tons of websites all over the web. This one ‘GLike’ button could also be used to track statistics so easily. Now all of that happens on Facebook. Facebook is luring developers and users alike with its huge user base . Combining a utility like ‘Like’ button with Google’s powerful anti-spam, anti-phishing and other anti-* mechanisms, it would indeed become a formidable force on the web.

What if you don’t want to be tracked?

If you don’t want to be tracked without your explicit approval, I would suggest browsing Facebook in Incognito browsing mode in Chrome, multiple profiles in Firefox or InPrivate browsing mode in Internet Explorer. All these modes will clear cookies and other history data when you close the browser window. So you might not be tracked as efficiently as possible.

I hope Facebook addresses this privacy concern. Facebook, please don’t be evil with our data. I wouldn’t be surprised if Facebook launches a general purpose search engine in the next couple of years!